Harrods, the iconic British luxury department store, has confirmed that it was recently targeted in a cybersecurity incident, becoming the third major UK retailer in just a few days to report a cyber incident. The Harrods cyberattack follows similar breaches at Marks & Spencer and the Co-op.
The cyberattack on Harrods prompted the department store to take precautionary steps, including limiting online access while assuring customers that its physical stores and online shopping were still operational.
The incident, which occurred in late April 2025, saw hackers attempt to gain unauthorized access to Harrods’ systems. The UK retailer restricted internet access at its sites as a precautionary measure but assured customers that its flagship Knightsbridge store, H Beauty branches, and airport outlets remained open. Additionally, online shopping services continued without interruption.
Response to the Harrods Cyberattack
In a statement provided to The Cyber Express, the company confirmed the incident, stating, “We recently experienced attempts to gain unauthorized access to some of our systems. Our seasoned IT security team immediately took proactive steps to keep systems safe, and as a result, we have restricted internet access at our sites today. Currently, all sites, including our Knightsbridge store, H beauty stores, and airport stores, remain open to welcome customers. Customers can also continue to shop via harrods.com.”
Harrods has not yet provided additional details on the scale or potential consequences of the breach, including whether customer data was affected. Customers were reassured that no action was needed on their part at this time, with the retailer promising to provide updates as the situation evolves.
Rising Concerns in the Retail Sector
The Harrods cyberattack comes on the heels of similar incidents that recently disrupted operations at Marks & Spencer and the Co-op. Marks & Spencer, for example, revealed a cyberattack linked to the hacking group “Scattered Spider” that caused widespread disruptions to online ordering systems and stock shortages in some physical stores. The attack, which reportedly involved the deployment of DragonForce ransomware, has cost Marks & Spencer millions in lost sales. Online orders were suspended for several days, and authorities are still investigating the incident.
Meanwhile, the Co-op also reported an attempted network breach, prompting it to take precautionary measures such as shutting down parts of its IT systems and requiring staff to verify their identities during remote meetings. These measures were implemented to mitigate the risk of eavesdropping by cybercriminals.
The National Cyber Security Centre (NCSC), which oversees the UK’s cybersecurity efforts, has expressed concern over the growing number of attacks targeting the retail sector. Richard Horne, the NCSC’s CEO, emphasized that these incidents should serve as a wake-up call for retailers to bolster their defenses against cyber threats. He confirmed that the NCSC was collaborating closely with all affected companies to fully understand the nature of these attacks and to offer expert advice to the wider retail sector.
Conclusion
The ongoing investigations into the recent attacks on Harrods, Marks & Spencer, and the Co-op highlight the advancements of cybercriminals targeting high-profile UK retailers. While no direct link between the incidents has been established, experts speculate that shared vulnerabilities or common suppliers may be involved. This is an ongoing story, and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the incident and or any new statement from the retailer.
